CVE-2023-34435

2024-07-0816:15:02

CWE-347

[email protected]

web.nvd.nist.gov

firmware

vulnerability

realtek

jungle sdk

network packets

arbitrary

update

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.5%

JSON

A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Nvd

Node

realtekrtl819x_jungle_software_development_kitMatch3.4.11

Node

level1wbr-6013_firmwareMatchrer4_a_v3411b_2t2r_lev_09_170623

AND

level1wbr-6013Match-

VendorProductVersionCPE
realtekrtl819x_jungle_software_development_kit3.4.11cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*
level1wbr-6013_firmwarerer4_a_v3411b_2t2r_lev_09_170623cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*
level1wbr-6013-cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realtek	rtl819x_jungle_software_development_kit	3.4.11	cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:::::::*
level1	wbr-6013_firmware	rer4_a_v3411b_2t2r_lev_09_170623	cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:::::::*
level1	wbr-6013	-	cpe:2.3:h:level1:wbr-6013:-:::::::*